Subscribe

Receive updates via email:

 Updates via RSS

Tag Cloud

Blog Archive

Friday, August 03, 2007

Fixed! TSC.EXE CPU, Hard Drive, and Hibernate Issues

I have been frustrated by the process "TSC.EXE" on my laptop and the way it has been both spiking my CPU at 90-99% as well as hammering my disk drive. The behavior I saw was mainly during an intial logon to my Windows XP Professional laptop, and especially apparent after waking my computer up from sleeping or the hibernate mode when you close your laptop.

I finally got sick of always having to go to the Windows XP Task Manager and then right clicking on the TSC.EXE to end the process and kill it. It was often taking anywhere between 15-20 minutes of constant hard drive activity, drastically slowing down the machine and spiking the CPU processor on my machine. However, I have fixed it good for now.

What is TSC.exe? Well, it is part of the Trend Micro Damage Cleanup Engine which is primarily used AFTER a virus has gotten into the wild and the current patterns of the anti-virus are not effective. The Trend Micro Damage Cleanup Engine and the TSC.EXE process will then scan your machine to clean-up any damage that may have already been done. The TSC.EXE process if part of both the OfficeScan and PC-cillin lines of products. There is absolutely no reason why it should behave this way, especially after a wake-up from sleep mode on your computer.

How did I fix it? It's pretty straight forward. Here is what I did:

1. I browsed to C:\Program Files\Trend Micro\OfficeScan Client (default) or the customer installation folder for Trend Micro.

2. I right clicked on TSC.EXE and selected Properties.

3. I selected the "Security" tab on the properties screen.

4. Rather than "everyone" having full control, read, write, and change access to TSC.EXE, I selected the "Deny" for every and everything.

Trend Micro TSC.EXE CPU and Hard Driver performance fix 1

5. I was prompted by Windows "You have denied everyone access to TSC.EXE. No one will be able to access TSC.EXE and only the owner will be able to change the permissions. Do you wish to continue?" Of course, I do -- if I deny access, then the machine cannot start the process. I selected "Yes".

Trend Micro TSC.EXE CPU and Hard Drive Performance Fix 2

6. I clicked on "OK" to confirm my choice.

Now the computer works like a charm on startup as well as returning from the hibernation mode.

Are you having a problem with TSC.EXE? Did this solution work for you?

13 comments:

Anonymous said...

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-124431&id=EN-124431

you can adjust it a bit less drastically...

Ken Hanscom said...

All that does is reduce the initial amount of system resources it uses from a CPU perspective. My problem although occassionally spiking the CPU was that the disks were going crazy. In addition, the product should better understand when to and when not to run. Running damage clean-up every time you wake your machine up from sleeping is a bad design.

Anonymous said...

I used to love PC Cillin because it was fast and effective, unlike Norton or McAffee which are resource hogs. These days, PC Cillin is also a resource hog. TSC.EXE is just the tip of the iceberg -- just about every time my machine slows to a crawl, I find out it's because something in PC Cillin has taken over.

I would suggest, rather than breaking pieces of PC Cillin, that you just get a completely different anti-virus program.

The problem with the popular anti-virus programs is that they try to do everything -- analyze email, both incoming and outgoing, analyze the websites you visit, etc. etc. They suffer from bloat-ware. Get rid of them and install something that's only anti-virus, where you can schedule a daily scan when you're out to lunch.

Try NOD32 -- I installed it on my wife's laptop. It's an older, slower machine, and startup time shrank from 12 minutes to 2.

There's also AVG which has a free version I'm going to try as soon as my PC Cillin subscription expires. (google for "free avg")

Ken Hanscom said...

My only response is that your comment assumes you have the flexibility to choose which anti-virus solution is available for your PC. Some people do not, leaving you with little alternative. Let's just leave it at that.

Anonymous said...

Thanks! This was actually very helpful. I have a SharePoint server and it was just dying under the weight of this thing. I suspect the TSC.exe and SharePoint do not play well with each other.

D.

Anonymous said...

Thanks for the info. This worked for me. I recommend AVG for slower computers but the company I work for uses Trend so I needed this FIX.

Guy Leech said...

I had this issue on XP which was sorted by changing the permissions on TSC.exe as described.

I have not seen the issue yet on Vista (SP1) with the same AV installed on the same laptop.

Anonymous said...

When I did this, I found no security tab. I only have general, version, compatibility, summary, virus property, and digital signatures. What am I missing here?

Ken Hanscom said...

Probably administrative rights on your machine. Do you have those or Power User rights? If not, you may need to log in as an Administrator in order to do this.

T J Sawyer said...

Thanks for the suggestion. I would go farther than most people and suggest that no one use an "anti-virus" package. They are all far more trouble than they are worth.

I have been running two of my last three systems w/o virus "protection" for about three years and am very happy with the results.

I have been using and supporting PCs since the original IBM PC first came out in 81(?). The only viruses that I have ever seen were caused by people loading executables that they knew nothing about except they came via e-mail and are supposed to be "really neat!"

Adware, spyware etc.? That is a different issue. Unless you are willing to kill all scripting you just have to live with it and run Adaware, Spybot and the like.

Or you could go Mac or Unix - a move I am gradually making.

Anonymous said...

I've been driven crazy by this behavior as well and so tried what is suggested. I'm running Internet Security 2007 and XP XP2. The folder structure does not match what you show (no Officescan folder), but I found tsc.exe anyway. Then, Properties does not show any of the same tabs as you do, and does not show a Security tab. So there is no way to follow through. I am doing this as administrator. I think they must have changed it to prevent this way of dealing with the issue. If anyone else has any ideas I'd be interested.

George said...

That's not all, I had a virus on my computer. Very rare because I always use vmware virtual machine for accessing the web but after I removed it, I were unable to run the task manager, regedit etc. I had to reformat the hard drive and spent a day reinstalling applications, drivers etc. I am a software developer so you can imagine, VB.NET, VB6, Fireworks, Cold Fusion, Office, Front Page and so on, the list is huge because I need many computer programming tools.

After a while, I learned that Trend Micro was the one who lock my computer out

Watch this from TSC.ini
[secured policy]
DisableTaskMgr=1
DisableRegistryTools=1
NoRun=1
NoCloseKey=1
NoFind=1
DisallowRun=1
FirewallDisableNotify=0
UpdatesDisableNotify=0
AntiVirusDisableNotify=0
FirewallOverride=0
AntiVirusOverride=0
NoAutoUpdate=0
AUOptions=1
EnableFirewall=0

I tell you what, DRASTIC solution and forgot about the GUI made for AOL home users, deny any to any on TSC.exe

I have been supported Trend Micro on my place of work since 8 years ago and I tell you this, there is not the first time when I have aasked a question and I received a straight technical answer in pure technical language, all their answers and recommendations are click start button >> control pannel... reboot 5 times etc

The link provided earlier http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-124431&id=EN-124431 is just another example of that, not a single technical word in tech language so !Congratulations Hanscom, thats the best solution

Anonymous said...

You can add access to yourself with full control and then deny access to (computername)\SYSTEM - the user account that runs it.